Ransomware Hits County Offices, Knocks The Weather Channel Offline

Ransomware may not be as prevalent or dominant in the threat landscape as it was before but, as demonstrated by LockerGoga when it hit a Norwegian manufacturing company, its destructive impact still makes it a significant threat. In fact, ransomware continues to make headway, with the latest spate of attacks crippling several counties and municipalities in the U.S.

Government offices in Augusta, Maine; Imperial County, California; Stuart, Florida; and Greenville, North Carolina were reportedly affected by separate incidents. Operations in the Augusta City Center were shut down, particularly IT systems used for the municipal public safety dispatch and financial systems, billing, automobile tax, and assessor’s records.

Earlier, the websites and systems in Imperial County and Stuart were reportedly hit by the Ryuk ransomware. The malware took the networks in Imperial County’s office offline and adversely affected services such as its online payment system, while the offices in Stuart had to disconnect and shut down their affected servers and email systems.

Is ransomware resurging?

Regardless of industry, ransomware appears to be increasingly used in attacks with specific targets. Ryuk, which Trend Micro researchers saw was involved in larger targeted campaigns, was reportedly the same culprit that hindered the printing and delivery operations of several U.S. newspapers last year, including The Los Angeles Times. On April 18, the systems of The Weather Channel in Atlanta, Georgia, were infected by ransomware, disrupting the channel’s live broadcast for 90 minutes before IT staff restored regular programming through backups.

The latest round of incidents shows how ransomware poses significant risks to the privacy and security of personal or mission-critical files, and the integrity of the infrastructures that store and manage them. And when these IT infrastructures are compromised, they can adversely affect a company’s operations, customer trust, and ultimately, its bottom line.

For instance, Norsk Hydro, the multinational manufacturing company affected by LockerGoga, estimated financial losses of up to NOK350 million (around US$40 million), with some of its operations still in the process of recovery. No business is too big or too small for ransomware, either: the ransom demand for small to medium enterprises affected by ransomware reportedly averaged US$116,000. Some ransomware families are also known to conduct other malicious routines, such as information theft.

Ransomware’s impact could also be exacerbated by how it is distributed. In the same week the municipalities suffered attacks, researchers reported a ransomware-as-a-service (RaaS) offering named Inpivx being peddled on the dark web. Budding cybercriminals, regardless of their technical know-how, can customize their ransomware via a user-friendly dashboard where they can also manage communication with their victims. And given how affiliates can tailor their malware, a ransomware family could have numerous variants, each with different functionalities and malicious routines, further exposing users and businesses to the threat.
